From: aaronv <svn...@pl...> - 2006-07-07 20:10:29
Author: aaronv Date: Fri Jul 7 20:10:18 2006 New Revision: 25876 Modified: SignupSheet/trunk/Extensions/signupsheet_registrant_workflow.py SignupSheet/trunk/README.txt SignupSheet/trunk/content/signupsheet.py SignupSheet/trunk/skins/SignupSheet/signupsheet_view.pt SignupSheet/trunk/skins/SignupSheet/sus_atse_macros.pt Log: Fixed workflow bug for registrants that allowed anon to view pending registrant Added conditional for editable border for signup sheet so anon does not see plone interface Removed redundant manage link for signup sheet Added proper permissions for export and schema edit methods on signupsheet Updated README to reflect changes Modified: SignupSheet/trunk/Extensions/signupsheet_registrant_workflow.py ============================================================================== --- SignupSheet/trunk/Extensions/signupsheet_registrant_workflow.py (original) +++ SignupSheet/trunk/Extensions/signupsheet_registrant_workflow.py Fri Jul 7 20:10:18 2006 @@ -36,7 +36,7 @@ wf.variables.addVariable(v) for l in []: wf.worklists.addWorklist(l) - for p in ('Delete objects', 'Modify portal content', 'SignupSheet: Add Registrant'): + for p in ('Delete objects', 'Modify portal content', 'SignupSheet: Add Registrant','View'): wf.addManagedPermission(p) @@ -50,6 +50,7 @@ sdef.setPermission('Delete objects', 0, ['Anonymous', 'Manager', 'Owner']) sdef.setPermission('Modify portal content', 0, ['Anonymous', 'Manager', 'Owner']) sdef.setPermission('SignupSheet: Add Registrant', 0, ['Anonymous', 'Manager', 'Owner']) + sdef.setPermission('View', 1, []) sdef = wf.states['confirmed'] sdef.setProperties(title="""Confirmed""", @@ -57,6 +58,7 @@ sdef.setPermission('Delete objects', 0, ['Manager']) sdef.setPermission('Modify portal content', 0, ['Owner', 'Manager']) sdef.setPermission('SignupSheet: Add Registrant', 1, []) + sdef.setPermission('View', 0, ['Manager']) sdef = wf.states['unconfirmed'] sdef.setProperties(title="""Unconfirmed""", 
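Review bot: In the `@@ -50,6 +50,7 @@` hunk the added `sdef.setPermission('View', 1, [])` leaves View acquired from the container, so who can see a registrant in this state is decided by the signup sheet's own View setting rather than by this workflow. The context lines of the same state still grant 'Delete objects' and 'Modify portal content' to Anonymous, so on an anonymously viewable sheet an anonymous visitor can presumably still view, edit and delete registrants in this state; the state's name and the reason for those grants are outside the hunk. If acquisition is intended only for the creation step, record that in a comment such as `# View is acquired on purpose: the registrant is still being filled in by an anonymous visitor`, otherwise give View an explicit role list as the other two states do.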
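Review bot: In the 'confirmed' state (and identically in the 'unconfirmed' state, hunk `@@ -64,6 +66,7 @@`) View is granted to `['Manager']` only while 'Modify portal content' stays granted to `['Owner', 'Manager']`, so an Owner is allowed to modify a registrant they are not allowed to view. If owners are meant to keep access the line should read `sdef.setPermission('View', 0, ['Owner', 'Manager'])`; if not, dropping 'Owner' from 'Modify portal content' makes the two settings agree. Registrants created before this revision keep their old role-to-permission mapping until the workflow's role mappings are reapplied (`portal_workflow.updateRoleMappings()`); no such step is visible in this diff, so the README's upgrade notes should mention it.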
@@ -64,6 +66,7 @@ sdef.setPermission('Delete objects', 0, ['Manager']) sdef.setPermission('Modify portal content', 0, ['Owner', 'Manager']) sdef.setPermission('SignupSheet: Add Registrant', 1, []) + sdef.setPermission('View', 0, ['Manager']) ## Creation of workflow scripts Modified: SignupSheet/trunk/README.txt ============================================================================== --- SignupSheet/trunk/README.txt (original) +++ SignupSheet/trunk/README.txt Fri Jul 7 20:10:18 2006 @@ -71,7 +71,6 @@ o It is possible to prematurely fill up registration by malicious user. - o SignupSheet view displays portions of the Plone editing interface, such as the view tab. Authors Modified: SignupSheet/trunk/content/signupsheet.py ============================================================================== --- SignupSheet/trunk/content/signupsheet.py (original) +++ SignupSheet/trunk/content/signupsheet.py Fri Jul 7 20:10:18 2006 @@ -1,6 +1,6 @@ #CMF from Products.CMFCore.utils import getToolByName -from Products.CMFCore.CMFCorePermissions import View, ModifyPortalContent +from Products.CMFCore.CMFCorePermissions import View, ModifyPortalContent, ManagePortal from Products.CMFPlone.interfaces.NonStructuralFolder import INonStructuralFolder #ArcheTypes @@ -18,9 +18,7 @@ from Products.ATContentTypes.content.folder import * #security -from Products.CMFCore import CMFCorePermissions from AccessControl import ClassSecurityInfo -security = ClassSecurityInfo() #need this for the export tool @@ -101,9 +99,9 @@ #setup actions for edit and export tools actions = ({ 'id' : 'editschema', - 'name' : 'edit schema', + 'name' : 'edit registrant form', 'action' : 'string:${object_url}/signupsheet_schema_editor', - 'permissions' : (ModifyPortalContent, ), + 'permissions': ('Manage portal',), 'category' : 'object', }, { 
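Review bot: The 'editschema' action's `'permissions': ('Manage portal',)` in the `@@ -101,9 +99,9 @@` hunk only controls whether the tab is displayed; it does not protect `signupsheet_schema_editor` itself, and no declaration for the schema-editing methods appears in the visible hunks, so the URL may remain reachable by anyone who can view the sheet. The methods behind that template need their own `security.declareProtected(ManagePortal, '<method name>')` declarations, as this commit adds for `exportCSV`. The first hunk of this file imports `ManagePortal`, yet the action uses a string literal; `'permissions': (ManagePortal,),` keeps the import in use and matches the constant style of the removed line (the same applies to `('Modify portal content',)` in the 'exportdata' action of the next hunk). The `actions` tuple starts and ends outside this hunk.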
@@ -117,11 +115,12 @@ 'id' : 'exportdata', 'name' : 'export data', 'action' : 'string:${object_url}/export_registrant_fields', - 'permissions' : (ModifyPortalContent, ), + 'permissions': ('Modify portal content',), 'category' : 'object', }, ) + security = ClassSecurityInfo() schema = schema portal_type = meta_type = "SignupSheet" @@ -162,7 +161,7 @@ #Code from UpFront objs product - #security.declareProtected(CMFCorePermissions.ModifyPortalContent, 'exportCSV') + security.declareProtected(ModifyPortalContent,'exportCSV') def exportCSV(self, objs=None, fields=None, delimiter='comma', quote_char='double_quote', coding=None, export_type='Person'): @@ -249,6 +248,7 @@ return result #used by export_registrant_fields to gather fields for export + security.declareProtected(ModifyPortalContent,'contactTypeFieldNames') def contactTypeFieldNames(self, import_type): "Returns the field names for contact type" Modified: SignupSheet/trunk/skins/SignupSheet/signupsheet_view.pt ============================================================================== --- SignupSheet/trunk/skins/SignupSheet/signupsheet_view.pt (original) +++ SignupSheet/trunk/skins/SignupSheet/signupsheet_view.pt Fri Jul 7 20:10:18 2006 @@ -6,10 +6,13 @@ metal:use-macro="here/main_template/macros/master"> <head><title></title> -<!-- this little trick keeps the editing border from showingup --> +<!-- this little trick keeps the editing border from showing up --> +<metal:block fill-slot="top_slot" + tal:define="border python:test( here.portal_membership.isAnonymousUser(), 'disable_border', 'ignore' ); + dummy python: request.set(border,1) " /> + + -<!-- <metal:block fill-slot="top_slot" - tal:define="dummy python: not request.set('disable_border',-1)" /> --> </head> <body> <div metal:fill-slot="main"> 
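Review bot: The new `top_slot` block in signupsheet_view.pt decides on `isAnonymousUser()`, so every logged-in user gets the editable border regardless of what they may do on the sheet, and the non-anonymous branch sets a throwaway request key named `ignore`. Hiding the border is presentation only and should not be treated as the access control for the edit and export views. Keying the test on the permission the tabs need, e.g. `tal:define="dummy python: not here.portal_membership.checkPermission('Modify portal content', here) and request.set('disable_border', 1)"`, states the intent directly. The comment above it could then read `<!-- hide the editing border from users who cannot modify this sheet -->`.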
@@ -20,7 +23,7 @@ </div> <div class="formControls"> <div tal:condition="python: user.has_permission('SignupSheet: Add SignupSheet', here)"> - <a href="signupsheet_schema_editor">manage signup sheet</a> + <!--<a href="signupsheet_schema_editor">manage signup sheet</a>--> </div> <br /> <h1 tal:content="title_string | here/title_or_id" /> Modified: SignupSheet/trunk/skins/SignupSheet/sus_atse_macros.pt ============================================================================== --- SignupSheet/trunk/skins/SignupSheet/sus_atse_macros.pt (original) +++ SignupSheet/trunk/skins/SignupSheet/sus_atse_macros.pt Fri Jul 7 20:10:18 2006 @@ -215,7 +215,7 @@ <tal:if condition="not:here/atse_isTool"> <a href="#" tal:attributes="href string: ${here/absolute_url}/atse_updateManagedSchema?portal_type=$SCHEMA_ID&schema_template=$SCHEMA_TEMPLATE" - i18n:translate="update_schema_for_all_schemas" onclick="javascript:if (!confirm('Really update all associated objects? This operation cannot be undone!')) {return false;}">Update schema for all managed schemas</a><br/><br/></tal:if> + i18n:translate="update_schema_for_all_schemas" onclick="javascript:if (!confirm('Really update all associated objects? This operation cannot be undone!')) {return false;}">Update fields for all registrants</a><br/><br/></tal:if> <!--<a href="#" tal:attributes="href string: ${here/absolute_url}/atse_updateManagedSchema?portal_type=$SCHEMA_ID&schema_template=$SCHEMA_TEMPLATE&update_all=1" i18n:translate="update_schema_for_really_all_schemas" onclick="javascript:if (!confirm('Really update all objects in portal (even unmanaged ones)? This operation cannot be undone!')) {return false;}">Update schema for all objects in portal (even unmanaged ones)</a>--> |
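Review bot: The manage link in the `@@ -20,7 +23,7 @@` hunk is disabled with an HTML comment, which the template still sends to the browser for users who pass the `tal:condition`, and the permission-guarded `<div>` around it is left empty. Deleting the link together with its wrapper `<div>` removes the dead markup and keeps the schema-editor URL out of the page source.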
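Review bot: In sus_atse_macros.pt the link text changes to "Update fields for all registrants" but the `i18n:translate="update_schema_for_all_schemas"` message id on the same line is unchanged, so existing translations will keep showing the old wording; a new id such as `update_fields_for_all_registrants` avoids that. The irreversible update is still triggered by a plain link to `atse_updateManagedSchema` with only a client-side `confirm()` in front of it, so the method itself (outside this diff) has to enforce the permission and should preferably accept the change only from a POST form.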